cqrenet/aoc - aoc - CQRE.NET Git

cqrenet/aoc

Fork 0

Commit Graph

Author	SHA1	Message	Date
Tomas Kracmar	d01e7801ed	security: v1.7.7 hardening release All checks were successful CI / lint-and-test (push) Successful in 51s Details Release / build-and-push (push) Successful in 1m57s Details - Add WEBHOOK_CLIENT_SECRET validation for Graph webhooks - Add Redis-backed rate limiting (fetch/ask/write/default tiers) - Validate LLM_BASE_URL to prevent SSRF (HTTPS only, block private IPs) - Enforce non-wildcard CORS when AUTH_ENABLED=true - Add Content-Security-Policy headers - Fix audit middleware to use verified JWT claims via contextvars - Cap bulk_tags updates to 10,000 documents - Return generic error messages to clients (no internal detail leakage) - Strict AlertCondition Pydantic model for alert rules - Security warning on MCP stdio server startup - Remove MongoDB/Redis host ports from docker-compose - Remove mongo_query from /ask API response	2026-04-27 09:16:57 +02:00
Tomas Kracmar	5122739c01	feat: MCP server over SSE with OIDC auth All checks were successful CI / lint-and-test (push) Successful in 36s Details - Extract shared MCP tool handlers to mcp_common.py - mcp_server.py now uses shared handlers (stdio transport for local dev) - New routes/mcp.py: SSE transport behind existing OIDC Bearer auth - Mount MCP ASGI app at /mcp in main.py when AI_FEATURES_ENABLED - /mcp/sse -> establishes SSE stream (requires valid token when auth enabled) - /mcp/messages/ -> receives MCP client messages - Update README with SSE MCP docs - Add tests for mount existence, auth, and message routing	2026-04-21 07:38:12 +02:00
Tomas Kracmar	60b6ad15c4	Release v1.3.0: AI feature flag and MCP server All checks were successful CI / lint-and-test (push) Successful in 45s Details Release / build-and-push (push) Successful in 1m34s Details - Add AI_FEATURES_ENABLED config flag to gate AI/natural-language features - Conditionally register /api/ask router based on AI_FEATURES_ENABLED - Add GET /api/config/features endpoint for frontend feature detection - Update frontend to hide Ask panel when AI features are disabled - Implement standalone MCP server (backend/mcp_server.py) with tools: * search_events, get_event, get_summary, ask - Add mcp dependency to requirements.txt - Update .env.example, AGENTS.md, and ROADMAP.md - Bump VERSION to 1.3.0	2026-04-20 18:11:26 +02:00

Author

SHA1

Message

Date

Tomas Kracmar

d01e7801ed

security: v1.7.7 hardening release

CI / lint-and-test (push) Successful in 51s

Details

Release / build-and-push (push) Successful in 1m57s

Details

- Add WEBHOOK_CLIENT_SECRET validation for Graph webhooks
- Add Redis-backed rate limiting (fetch/ask/write/default tiers)
- Validate LLM_BASE_URL to prevent SSRF (HTTPS only, block private IPs)
- Enforce non-wildcard CORS when AUTH_ENABLED=true
- Add Content-Security-Policy headers
- Fix audit middleware to use verified JWT claims via contextvars
- Cap bulk_tags updates to 10,000 documents
- Return generic error messages to clients (no internal detail leakage)
- Strict AlertCondition Pydantic model for alert rules
- Security warning on MCP stdio server startup
- Remove MongoDB/Redis host ports from docker-compose
- Remove mongo_query from /ask API response

2026-04-27 09:16:57 +02:00

Tomas Kracmar

5122739c01

feat: MCP server over SSE with OIDC auth

CI / lint-and-test (push) Successful in 36s

Details

- Extract shared MCP tool handlers to mcp_common.py
- mcp_server.py now uses shared handlers (stdio transport for local dev)
- New routes/mcp.py: SSE transport behind existing OIDC Bearer auth
- Mount MCP ASGI app at /mcp in main.py when AI_FEATURES_ENABLED
- /mcp/sse  -> establishes SSE stream (requires valid token when auth enabled)
- /mcp/messages/ -> receives MCP client messages
- Update README with SSE MCP docs
- Add tests for mount existence, auth, and message routing

2026-04-21 07:38:12 +02:00

Tomas Kracmar

60b6ad15c4

Release v1.3.0: AI feature flag and MCP server

CI / lint-and-test (push) Successful in 45s

Details

Release / build-and-push (push) Successful in 1m34s

Details

- Add AI_FEATURES_ENABLED config flag to gate AI/natural-language features
- Conditionally register /api/ask router based on AI_FEATURES_ENABLED
- Add GET /api/config/features endpoint for frontend feature detection
- Update frontend to hide Ask panel when AI features are disabled
- Implement standalone MCP server (backend/mcp_server.py) with tools:
  * search_events, get_event, get_summary, ask
- Add mcp dependency to requirements.txt
- Update .env.example, AGENTS.md, and ROADMAP.md
- Bump VERSION to 1.3.0

2026-04-20 18:11:26 +02:00

3 Commits